def _save_study(
self,
study: RawStudy,
owner: Optional[JWTUser] = None,
group_ids: List[str] = list(),
content_status: StudyContentStatus = StudyContentStatus.VALID,
) -> None:
if not owner:
raise UserHasNotPermissionError
info = self.study_service.get_study_information(study)["antares"]
study.name = info["caption"]
study.version = info["version"]
study.author = info["author"]
study.created_at = datetime.fromtimestamp(info["created"])
study.updated_at = datetime.fromtimestamp(info["lastsave"])
study.content_status = content_status
if owner:
study.owner = User(id=owner.impersonator)
groups = []
for gid in group_ids:
group = next(filter(lambda g: g.id == gid, owner.groups), None)
if group is None or not group.role.is_higher_or_equals(
RoleType.WRITER):
raise UserHasNotPermissionError()
groups.append(Group(id=group.id, name=group.name))
study.groups = groups
self.repository.save(study)
def save_bot(self, bot: BotCreateDTO, params: RequestParameters) -> Bot:
if params.user:
role = self.roles.get(params.user.id, bot.group)
if role and role.type.is_higher_or_equals(bot.role):
b = self.bots.save(
Bot(
name=bot.name,
is_author=bot.is_author,
owner=params.user.id,
))
self.roles.save(
Role(group=Group(id=bot.group), type=bot.role, identity=b))
return b
else:
raise UserHasNotPermissionError()
else:
raise UserHasNotPermissionError()
def delete_group(self, id: str, params: RequestParameters) -> None:
if params.user and any((
params.user.is_site_admin(),
params.user.is_group_admin(Group(id=id)),
)):
return self.groups.delete(id)
else:
raise UserHasNotPermissionError()
def create_user(self, create: UserCreateDTO,
param: RequestParameters) -> Identity:
if param.user and param.user.is_site_admin():
if self.users.get_by_name(create.name):
raise UserAlreadyExistError()
return self.users.save(
User(name=create.name, password=Password(create.password)))
else:
raise UserHasNotPermissionError()
def delete_role(self, user: int, group: str,
params: RequestParameters) -> None:
if params.user and any((
params.user.is_site_admin(),
params.user.is_group_admin(Group(id=group)),
)):
return self.roles.delete(user, group)
else:
raise UserHasNotPermissionError()
def delete_bot(self, id: int, params: RequestParameters) -> None:
bot = self.bots.get(id)
if (params.user and bot and any((
params.user.is_site_admin(),
params.user.is_himself(Identity(id=bot.owner)),
))):
return self.bots.delete(id)
else:
raise UserHasNotPermissionError()
def get_all_roles_in_group(self, group: str,
params: RequestParameters) -> List[Role]:
if params.user and any((
params.user.is_site_admin(),
params.user.is_group_admin(Group(id=group)),
)):
return self.roles.get_all_by_group(group)
else:
raise UserHasNotPermissionError()
def get_all_bots_by_owner(self, owner: int,
params: RequestParameters) -> List[Bot]:
if params.user and any((
params.user.is_site_admin(),
params.user.is_himself(Identity(id=owner)),
)):
return self.bots.get_all_by_owner(owner)
else:
raise UserHasNotPermissionError()
def get_bot(self, id: int, params: RequestParameters) -> Bot:
bot = self.bots.get(id)
if (bot and params.user and any((
params.user.is_site_admin(),
params.user.is_himself(user=Identity(id=bot.owner)),
))):
return bot
else:
raise UserHasNotPermissionError()
def _assert_permission(
self,
user: Optional[JWTUser],
study: Optional[Study],
permission_type: StudyPermissionType,
raising: bool = True,
) -> bool:
if not user:
raise UserHasNotPermissionError()
if not study:
raise ValueError("Metadata is None")
ok = check_permission(user, study, permission_type)
if raising and not ok:
raise UserHasNotPermissionError()
return ok
def delete_user(self, id: int, params: RequestParameters) -> None:
if params.user and any(
(params.user.is_site_admin(), params.user.is_himself(
User(id=id)))):
for b in self.bots.get_all_by_owner(id):
self.delete_bot(b.id, params)
self.ldap.delete(id)
return self.users.delete(id) # return for test purpose
else:
raise UserHasNotPermissionError()
def save_role(self, role: RoleCreationDTO,
params: RequestParameters) -> Role:
role_obj = Role(
type=role.type,
group=self.groups.get(role.group_id),
identity=self.users.get(role.identity_id),
)
if params.user and any((
params.user.is_site_admin(),
params.user.is_group_admin(role_obj.group),
)):
return self.roles.save(role_obj)
else:
raise UserHasNotPermissionError()
def save_user(self, user: User, params: RequestParameters) -> User:
if params.user and any(
(params.user.is_site_admin(), params.user.is_himself(user))):
return self.users.save(user)
else:
raise UserHasNotPermissionError()
def save_group(self, group: Group, params: RequestParameters) -> Group:
if params.user and any(
(params.user.is_site_admin(), params.user.is_group_admin(group))):
return self.groups.save(group)
else:
raise UserHasNotPermissionError()
def get_all_bots(self, params: RequestParameters) -> List[Bot]:
if params.user and params.user.is_site_admin():
return self.bots.get_all()
else:
raise UserHasNotPermissionError()
def bots_create() -> Any:
"""
Create Bot
---
responses:
'200':
content:
application/json:
schema:
type: string
description: Bot token API
description: Successful operation
'400':
description: Invalid request
'401':
description: Unauthenticated User
'403':
description: Unauthorized
consumes:
- application/json
parameters:
- in: body
name: body
required: true
description: Bot
schema:
id: User
required:
- name
- group
- role
properties:
name:
type: string
description: Bot name
isAuthor:
type: boolean
description: Set Bot impersonator between itself or it owner
group:
type: string
description: group id linked to bot
role:
type: int
description: RoleType used by bot. Should be lower or equals ot owner role type inside same group
tags:
- Bot
"""
params = RequestParameters(user=Auth.get_current_user())
create = BotCreateDTO.from_dict(json.loads(request.data))
bot = service.save_bot(create, params)
if not bot:
return UserHasNotPermissionError()
group = service.get_group(create.group, params)
if not group:
return UserHasNotPermissionError()
jwt = JWTUser(
id=bot.id,
impersonator=bot.get_impersonator(),
type=bot.type,
groups=[JWTGroup(id=group.id, name=group.name, role=create.role)],
)
tokens = generate_tokens(jwt, expire=timedelta(days=368 * 200))
return tokens["access_token"]